“Google account hacked” text scam puzzles researchers

A curious spamming campaign continues to target Google users via their mobile phones, and researchers still don’t know what it actually does.

First spotted back in March, bogus Google messages warn potential victims that their account has been hacked and asks them to send a message to that number when they are ready to verify their accounts:

“The obvious intention of the messages is to trick users into responding. But, the exact motivation of those responsible for the spam messages remains unclear,” says Hoax-Slayer, positing that the message might be an attempt to trick users into supplying sensitive personal information or subscribing to premium rate SMS services.

“The ruse might also be an elaborate attempt to identify users who are likely to fall for future spam or scam campaigns. Those who reply are showing that they are susceptible to such tricks and are willing to follow instructions,” he adds. “A list containing the phone numbers of such ‘primed’ potential victims would be considered very valuable to scammers and spammers.”

ThreatTrack’s Chris Boyd says that replying with the requested message gets the victims another message containing a “verification code”, which they are supposed to give out to Google operators when they call.

The call eventually does happen. It’s pre-recorded, and asks the victims to enter the verification code they received. Once they do that, they are told that “voice mail is ready to be set up” – and that’s the end of it.

“What exactly is taking place here? Is it a long winded way to sign people up to premium rate SMS services? A phish gone horribly wrong? The worst promotion for a new voicemail service ever? Nobody seems to be entirely sure,” says Boyd.

What they do know for sure is that the messages are not sent by Google, and the best thing to do if you receive one is to not reply and delete it.

If you want to check whether your account has been compromised, do it by visiting the Google login page on your own (i.e. without following links) and logging in. If possible, enabling Google’s 2-step authentication is also a good idea.